﻿using DbUp;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Net.Http;
using System.Reflection;
using System.IO;

namespace Bit.Setup
{
    public class Program
    {
        private static string[] _args = null;
        private static IDictionary<string, string> _parameters = null;
        private static Guid? _installationId = null;
        private static string _installationKey = null;
        private static string _hostOs = "win";
        private static string _coreVersion = "latest";
        private static string _webVersion = "latest";

        public static void Main(string[] args)
        {
            Console.WriteLine();

            _args = args;
            _parameters = ParseParameters();
            if(_parameters.ContainsKey("os"))
            {
                _hostOs = _parameters["os"];
            }
            if(_parameters.ContainsKey("corev"))
            {
                _coreVersion = _parameters["corev"];
            }
            if(_parameters.ContainsKey("webv"))
            {
                _webVersion = _parameters["webv"];
            }

            if(_parameters.ContainsKey("install"))
            {
                Install();
            }
            else if(_parameters.ContainsKey("update"))
            {
                Update();
            }
            else if(_parameters.ContainsKey("printenv"))
            {
                PrintEnvironment();
            }
            else
            {
                Console.WriteLine("No top-level command detected. Exiting...");
            }
        }

        private static void Install()
        {
            var outputDir = _parameters.ContainsKey("out") ?
                _parameters["out"].ToLowerInvariant() : "/etc/bitwarden";
            var domain = _parameters.ContainsKey("domain") ?
                _parameters["domain"].ToLowerInvariant() : "localhost";
            var letsEncrypt = _parameters.ContainsKey("letsencrypt") ?
                _parameters["letsencrypt"].ToLowerInvariant() == "y" : false;

            if(!ValidateInstallation())
            {
                return;
            }

            var ssl = letsEncrypt;
            if(!letsEncrypt)
            {
                ssl = Helpers.ReadQuestion("Do you have a SSL certificate to use?");
                if(ssl)
                {
                    Directory.CreateDirectory($"/bitwarden/ssl/{domain}/");
                    var message = "Make sure 'certificate.crt' and 'private.key' are provided in the \n" +
                                  "appropriate directory before running 'start' (see docs for info).";
                    Helpers.ShowBanner("NOTE", message);
                }
            }

            var identityCertPassword = Helpers.SecureRandomString(32, alpha: true, numeric: true);
            var certBuilder = new CertBuilder(domain, identityCertPassword, letsEncrypt, ssl);
            var selfSignedSsl = certBuilder.BuildForInstall();
            ssl = certBuilder.Ssl; // Ssl prop can get flipped during the build

            var sslTrusted = letsEncrypt;
            var sslDiffieHellman = letsEncrypt;
            if(ssl && !selfSignedSsl && !letsEncrypt)
            {
                sslDiffieHellman = Helpers.ReadQuestion("Use Diffie Hellman ephemeral parameters for SSL " +
                    "(requires dhparam.pem, see docs)?");
                sslTrusted = Helpers.ReadQuestion("Is this a trusted SSL certificate (requires ca.crt, see docs)?");
            }

            if(!ssl)
            {
                var message = "You are not using a SSL certificate. Bitwarden requires HTTPS to operate. \n" +
                              "You must front your installation with a HTTPS proxy. The web vault (and \n" +
                              "other Bitwarden apps) will not work properly without HTTPS.";
                Helpers.ShowBanner("WARNING", message, ConsoleColor.Yellow);
            }
            else if(ssl && !sslTrusted)
            {
                var message = "You are using an untrusted SSL certificate. This certificate will not be \n" +
                              "trusted by Bitwarden client applications. You must add this certificate to \n" +
                              "the trusted store on each device or else you will receive errors when trying \n" +
                              "to connect to your installation.";
                Helpers.ShowBanner("WARNING", message, ConsoleColor.Yellow);
            }

            var url = $"https://{domain}";
            int httpPort = default(int), httpsPort = default(int);
            if(Helpers.ReadQuestion("Do you want to use the default ports for HTTP (80) and HTTPS (443)?"))
            {
                httpPort = 80;
                if(ssl)
                {
                    httpsPort = 443;
                }
            }
            else if(ssl)
            {
                httpsPort = 443;
                if(int.TryParse(Helpers.ReadInput("HTTPS port").Trim(), out httpsPort) && httpsPort != 443)
                {
                    url += (":" + httpsPort);
                }
                else
                {
                    Console.WriteLine("Using default port.");
                }
            }
            else
            {
                httpPort = 80;
                if(!int.TryParse(Helpers.ReadInput("HTTP port").Trim(), out httpPort) && httpPort != 80)
                {
                    Console.WriteLine("Using default port.");
                }
            }

            if(Helpers.ReadQuestion("Is your installation behind a reverse proxy?"))
            {
                if(Helpers.ReadQuestion("Do you use the default HTTPS port (443) on your reverse proxy?"))
                {
                    url = $"https://{domain}";
                }
                else
                {
                    if(int.TryParse(Helpers.ReadInput("Proxy HTTPS port").Trim(), out var httpsReversePort)
                        && httpsReversePort != 443)
                    {
                        url += (":" + httpsReversePort);
                    }
                    else
                    {
                        Console.WriteLine("Using default port.");
                        url = $"https://{domain}";
                    }
                }
            }
            else if(!ssl)
            {
                Console.WriteLine("ERROR: You must use a reverse proxy if not using SSL.");
                return;
            }

            var push = Helpers.ReadQuestion("Do you want to use push notifications?");

            var nginxBuilder = new NginxConfigBuilder(domain, url, ssl, selfSignedSsl, letsEncrypt,
                sslTrusted, sslDiffieHellman);
            nginxBuilder.BuildForInstaller();

            var environmentFileBuilder = new EnvironmentFileBuilder
            {
                DatabasePassword = Helpers.SecureRandomString(32),
                Domain = domain,
                IdentityCertPassword = identityCertPassword,
                InstallationId = _installationId,
                InstallationKey = _installationKey,
                OutputDirectory = outputDir,
                Push = push,
                Url = url
            };
            environmentFileBuilder.BuildForInstaller();

            var appSettingsBuilder = new AppSettingsBuilder();
            appSettingsBuilder.Build();

            var appIdBuilder = new AppIdBuilder(url);
            appIdBuilder.Build();

            var dockerComposeBuilder = new DockerComposeBuilder(_hostOs, _webVersion, _coreVersion);
            dockerComposeBuilder.BuildForInstaller(httpPort, httpsPort);
        }

        private static void Update()
        {
            if(_parameters.ContainsKey("db"))
            {
                MigrateDatabase();
            }
            else
            {
                RebuildConfigs();
            }
        }

        private static void PrintEnvironment()
        {
            var vaultUrl = Helpers.GetValueFronEnvFile("global", "globalSettings__baseServiceUri__vault");
            Console.WriteLine("\nBitwarden is up and running!");
            Console.WriteLine("===================================================");
            Console.WriteLine("\nvisit {0}", vaultUrl);
            Console.Write("to update, run ");
            if(_hostOs == "win")
            {
                Console.Write("'.\\bitwarden.ps1 -updateself' and then '.\\bitwarden.ps1 -update'");
            }
            else
            {
                Console.Write("'./bitwarden.sh updateself' and then './bitwarden.sh update'");
            }
            Console.WriteLine("\n");
        }

        private static void MigrateDatabase(int attempt = 1)
        {
            try
            {
                Console.WriteLine("Migrating database.");

                var dbPass = Helpers.GetValueFronEnvFile("mssql", "SA_PASSWORD");
                var masterConnectionString = Helpers.MakeSqlConnectionString(
                    "mssql", "master", "sa", dbPass ?? string.Empty);
                var vaultConnectionString = Helpers.MakeSqlConnectionString(
                    "mssql", "vault", "sa", dbPass ?? string.Empty);

                using(var connection = new SqlConnection(masterConnectionString))
                {
                    var command = new SqlCommand(
                        "IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " +
                        "CREATE DATABASE [vault];", connection);
                    command.Connection.Open();
                    command.ExecuteNonQuery();
                }

                var upgrader = DeployChanges.To
                    .SqlDatabase(vaultConnectionString)
                    .JournalToSqlTable("dbo", "Migration")
                    .WithScriptsAndCodeEmbeddedInAssembly(Assembly.GetExecutingAssembly(),
                        s => s.Contains($".DbScripts.") && !s.Contains(".Archive."))
                    .WithTransaction()
                    .WithExecutionTimeout(new TimeSpan(0, 5, 0))
                    .LogToConsole()
                    .Build();

                var result = upgrader.PerformUpgrade();
                if(result.Successful)
                {
                    Console.WriteLine("Migration successful.");
                }
                else
                {
                    Console.WriteLine("Migration failed.");
                }
            }
            catch(SqlException e)
            {
                if(e.Message.Contains("Server is in script upgrade mode") && attempt < 3)
                {
                    var nextAttempt = attempt + 1;
                    Console.WriteLine("Database is in script upgrade mode. " +
                        "Trying again (attempt #{0})...", nextAttempt);
                    MigrateDatabase(nextAttempt);
                    return;
                }

                throw e;
            }
        }

        private static bool ValidateInstallation()
        {
            var installationId = Helpers.ReadInput("Enter your installation id (get at https://bitwarden.com/host)");
            if(!Guid.TryParse(installationId.Trim(), out var installationidGuid))
            {
                Console.WriteLine("Invalid installation id.");
                return false;
            }

            _installationId = installationidGuid;
            _installationKey = Helpers.ReadInput("Enter your installation key");

            try
            {
                var response = new HttpClient().GetAsync("https://api.bitwarden.com/installations/" + _installationId)
                    .GetAwaiter().GetResult();

                if(!response.IsSuccessStatusCode)
                {
                    if(response.StatusCode == System.Net.HttpStatusCode.NotFound)
                    {
                        Console.WriteLine("Invalid installation id.");
                    }
                    else
                    {
                        Console.WriteLine("Unable to validate installation id.");
                    }

                    return false;
                }

                var resultString = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
                var result = JsonConvert.DeserializeObject<dynamic>(resultString);
                if(!(bool)result.Enabled)
                {
                    Console.WriteLine("Installation id has been disabled.");
                    return false;
                }

                return true;
            }
            catch
            {
                Console.WriteLine("Unable to validate installation id. Problem contacting Bitwarden server.");
                return false;
            }
        }

        private static void RebuildConfigs()
        {
            var environmentFileBuilder = new EnvironmentFileBuilder();
            environmentFileBuilder.BuildForUpdater();

            var url = Helpers.GetValueFronEnvFile("global", "globalSettings__baseServiceUri__vault");
            if(!Uri.TryCreate(url, UriKind.Absolute, out Uri uri))
            {
                Console.WriteLine("Unable to determine existing installation url.");
                return;
            }

            var domain = uri.Host;

            var nginxBuilder = new NginxConfigBuilder(domain, url);
            nginxBuilder.BuildForUpdater();

            var appSettingsBuilder = new AppSettingsBuilder();
            appSettingsBuilder.Build();

            var appIdBuilder = new AppIdBuilder(url);
            appIdBuilder.Build();

            var dockerComposeBuilder = new DockerComposeBuilder(_hostOs, _webVersion, _coreVersion);
            dockerComposeBuilder.BuildForUpdater();
        }

        private static IDictionary<string, string> ParseParameters()
        {
            var dict = new Dictionary<string, string>();
            for(var i = 0; i < _args.Length; i = i + 2)
            {
                if(!_args[i].StartsWith("-"))
                {
                    continue;
                }

                dict.Add(_args[i].Substring(1), _args[i + 1]);
            }

            return dict;
        }
    }
}
